aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

detect-uricontent: convert unittests to FAIL/PASS APIs

Browse Source
pull/6924/head
Modupe Falodun 3 years ago committed by Victor Julien
parent dc8908b282
commit cf5c58c075
1 changed files with 243 additions and 548 deletions
Show Stats Download Patch File Download Diff File

791
src/detect-uricontent.c
Unescape Escape View File

@ -157,50 +157,6 @@ error:
#include "detect-isdataat.h"
#include "stream-tcp-reassemble.h"
/**
* \brief Helper function to print a DetectContentData
*/
static void DetectUricontentPrint(DetectContentData *cd)
{
int i = 0;
if (cd == NULL) {
SCLogDebug("Detect UricontentData \"cd\" is NULL");
return;
}
char *tmpstr = SCMalloc(sizeof(char) * cd->content_len + 1);
if (unlikely(tmpstr == NULL))
return;
if (tmpstr != NULL) {
for (i = 0; i < cd->content_len; i++) {
if (isprint(cd->content[i]))
tmpstr[i] = cd->content[i];
else
tmpstr[i] = '.';
}
tmpstr[i] = '\0';
SCLogDebug("Uricontent: \"%s\"", tmpstr);
SCFree(tmpstr);
} else {
SCLogDebug("Uricontent: ");
for (i = 0; i < cd->content_len; i++)
SCLogDebug("%c", cd->content[i]);
}
SCLogDebug("Uricontent_id: %"PRIu32, cd->id);
SCLogDebug("Uricontent_len: %"PRIu16, cd->content_len);
SCLogDebug("Depth: %"PRIu16, cd->depth);
SCLogDebug("Offset: %"PRIu16, cd->offset);
SCLogDebug("Within: %"PRIi32, cd->within);
SCLogDebug("Distance: %"PRIi32, cd->distance);
SCLogDebug("flags: %u ", cd->flags);
SCLogDebug("negated: %s ",
cd->flags & DETECT_CONTENT_NEGATED ? "true" : "false");
SCLogDebug("relative match next: %s ",
cd->flags & DETECT_CONTENT_RELATIVE_NEXT ? "true" : "false");
SCLogDebug("-----------");
}
/**
* \test Checks if a uricontent is registered in a Signature
*/
@ -232,200 +188,142 @@ static int DetectUriSigTest01(void)
*/
static int DetectUriSigTest02(void)
{
int result = 0;
Signature *s = NULL;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL) {
goto end;
}
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent\"; "
"uricontent:\"foo\"; sid:1;)");
if (s == NULL ||
s->sm_lists[g_http_uri_buffer_id] == NULL ||
s->sm_lists[DETECT_SM_LIST_PMATCH] != NULL ||
s->sm_lists[DETECT_SM_LIST_MATCH] != NULL)
{
printf("sig 1 failed to parse: ");
goto end;
}
FAIL_IF_NULL(de_ctx);
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";sid:1;)");
if (s == NULL ||
s->sm_lists[g_http_uri_buffer_id] == NULL ||
s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL ||
s->sm_lists[DETECT_SM_LIST_MATCH] != NULL)
{
printf("sig 2 failed to parse: ");
goto end;
}
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent\"; "
"uricontent:\"foo\"; sid:1;)");
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; sid:1;)");
if (s == NULL ||
s->sm_lists[g_http_uri_buffer_id] == NULL ||
s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL ||
((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth != 15 ||
((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset != 5 ||
s->sm_lists[DETECT_SM_LIST_MATCH] != NULL)
{
printf("sig 3 failed to parse: ");
goto end;
}
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";sid:1;)");
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"content:\"foo\"; uricontent:\"bar\";"
" depth:10; offset: 5; sid:1;)");
if (s == NULL ||
s->sm_lists[g_http_uri_buffer_id] == NULL ||
s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL ||
((DetectContentData *)s->sm_lists[g_http_uri_buffer_id]->ctx)->depth != 15 ||
((DetectContentData *)s->sm_lists[g_http_uri_buffer_id]->ctx)->offset != 5 ||
s->sm_lists[DETECT_SM_LIST_MATCH] != NULL)
{
printf("sig 4 failed to parse: ");
goto end;
}
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; within:3; sid:1;)");
if (s != NULL) {
printf("sig 5 failed to parse: ");
goto end;
}
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; sid:1;)");
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; distance:3; sid:1;)");
if (s != NULL) {
printf("sig 6 failed to parse: ");
goto end;
}
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; content:"
"\"two_contents\"; within:30; sid:1;)");
if (s == NULL) {
goto end;
} else if (s->sm_lists[g_http_uri_buffer_id] == NULL ||
s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL ||
((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth != 15 ||
((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset != 5 ||
((DetectContentData*) s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->within != 30 ||
s->sm_lists[DETECT_SM_LIST_MATCH] != NULL)
{
printf("sig 7 failed to parse: ");
DetectContentPrint((DetectContentData*) s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx);
goto end;
}
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"content:\"foo\"; uricontent:\"bar\";"
" depth:10; offset: 5; sid:1;)");
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; uricontent:"
"\"two_uricontents\"; within:30; sid:1;)");
if (s == NULL) {
goto end;
} else if (s->sm_lists[g_http_uri_buffer_id] == NULL ||
s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL ||
((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth != 15 ||
((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset != 5 ||
((DetectContentData*) s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->within != 30 ||
s->sm_lists[DETECT_SM_LIST_MATCH] != NULL)
{
printf("sig 8 failed to parse: ");
DetectUricontentPrint((DetectContentData*) s->sm_lists_tail[g_http_uri_buffer_id]->ctx);
goto end;
}
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[g_http_uri_buffer_id]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[g_http_uri_buffer_id]->ctx)->offset = 5);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; within:3; sid:1;)");
FAIL_IF_NOT_NULL(s);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; distance:3; sid:1;)");
FAIL_IF_NOT_NULL(s);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; content:"
"\"two_contents\"; within:30; sid:1;)");
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; content:"
"\"two_contents\"; distance:30; sid:1;)");
if (s == NULL) {
goto end;
} else if (
s->sm_lists[g_http_uri_buffer_id] == NULL ||
s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL ||
((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth != 15 ||
((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset != 5 ||
((DetectContentData*) s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->distance != 30 ||
s->sm_lists[DETECT_SM_LIST_MATCH] != NULL)
{
printf("sig 9 failed to parse: ");
DetectContentPrint((DetectContentData*) s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx);
goto end;
}
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->within = 30);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; uricontent:"
"\"two_uricontents\"; within:30; sid:1;)");
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; uricontent:"
"\"two_uricontents\"; distance:30; sid:1;)");
if (s == NULL) {
goto end;
} else if (
s->sm_lists[g_http_uri_buffer_id] == NULL ||
s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL ||
((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth != 15 ||
((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset != 5 ||
((DetectContentData*) s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->distance != 30 ||
s->sm_lists[DETECT_SM_LIST_MATCH] != NULL)
{
printf("sig 10 failed to parse: ");
DetectUricontentPrint((DetectContentData*) s->sm_lists_tail[g_http_uri_buffer_id]->ctx);
goto end;
}
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->within = 30);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; content:"
"\"two_contents\"; distance:30; sid:1;)");
s = SigInit(de_ctx,"alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; uricontent:"
"\"two_uricontents\"; distance:30; "
"within:60; content:\"two_contents\";"
" within:70; distance:45; sid:1;)");
if (s == NULL) {
printf("sig 10 failed to parse: ");
goto end;
}
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->distance = 30);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; uricontent:"
"\"two_uricontents\"; distance:30; sid:1;)");
if (s->sm_lists[g_http_uri_buffer_id] == NULL || s->sm_lists[DETECT_SM_LIST_PMATCH] == NULL) {
printf("umatch %p or pmatch %p: ", s->sm_lists[g_http_uri_buffer_id], s->sm_lists[DETECT_SM_LIST_PMATCH]);
goto end;
}
FAIL_IF_NULL(s);
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->distance = 30);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
s = SigInit(de_ctx, "alert tcp any any -> any any (msg:"
"\" Test uricontent and content\"; "
"uricontent:\"foo\"; content:\"bar\";"
" depth:10; offset: 5; uricontent:"
"\"two_uricontents\"; distance:30; "
"within:60; content:\"two_contents\";"
" within:70; distance:45; sid:1;)");
FAIL_IF_NULL(s);
if ( ((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth != 15 ||
((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset != 5 ||
((DetectContentData*) s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->distance != 30 ||
((DetectContentData*) s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->within != 60 ||
((DetectContentData*) s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->distance != 45 ||
((DetectContentData*) s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->within != 70 ||
s->sm_lists[DETECT_SM_LIST_MATCH] != NULL) {
printf("sig 10 failed to parse, content not setup properly: ");
DetectContentPrint((DetectContentData*) s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx);
DetectUricontentPrint((DetectContentData*) s->sm_lists_tail[g_http_uri_buffer_id]->ctx);
DetectContentPrint((DetectContentData*) s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx);
goto end;
}
FAIL_IF_NULL(s->sm_lists[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists[DETECT_SM_LIST_PMATCH]);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->depth = 15);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists[DETECT_SM_LIST_PMATCH]->ctx)->offset = 5);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->distance = 30);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx)->within = 60);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->distance = 45);
FAIL_IF_NOT(((DetectContentData *)s->sm_lists_tail[DETECT_SM_LIST_PMATCH]->ctx)->within = 70);
FAIL_IF_NOT_NULL(s->sm_lists[DETECT_SM_LIST_MATCH]);
result = 1;
end:
if (de_ctx != NULL)
DetectEngineCtxFree(de_ctx);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -433,28 +331,16 @@ end:
*/
static int DetectUriSigTest03(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"\"; sid:238012;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"\"; sid:238012;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -462,28 +348,16 @@ static int DetectUriSigTest03(void)
*/
static int DetectUriSigTest04(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"; sid:238012;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"; sid:238012;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -491,28 +365,16 @@ static int DetectUriSigTest04(void)
*/
static int DetectUriSigTest05(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"boo; sid:238012;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"boo; sid:238012;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -520,28 +382,16 @@ static int DetectUriSigTest05(void)
*/
static int DetectUriSigTest06(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:boo\"; sid:238012;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:boo\"; sid:238012;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -549,38 +399,25 @@ static int DetectUriSigTest06(void)
*/
static int DetectUriSigTest07(void)
{
DetectEngineCtx *de_ctx = NULL;
DetectContentData *ud = 0;
Signature *s = NULL;
int result = 0;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
s = de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent: !\"boo\"; sid:238012;)");
if (de_ctx->sig_list == NULL) {
printf("de_ctx->sig_list == NULL: ");
goto end;
}
s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent: !\"boo\"; sid:238012;)");
FAIL_IF_NULL(s);
if (s->sm_lists_tail[g_http_uri_buffer_id] == NULL || s->sm_lists_tail[g_http_uri_buffer_id]->ctx == NULL) {
printf("de_ctx->pmatch_tail == NULL && de_ctx->pmatch_tail->ctx == NULL: ");
goto end;
}
FAIL_IF_NULL(s->sm_lists_tail[g_http_uri_buffer_id]);
FAIL_IF_NULL(s->sm_lists_tail[g_http_uri_buffer_id]->ctx);
ud = (DetectContentData *)s->sm_lists_tail[g_http_uri_buffer_id]->ctx;
result = (strncmp("boo", (char *)ud->content, ud->content_len) == 0);
FAIL_IF_NOT(strncmp("boo", (char *)ud->content, ud->content_len) == 0);
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
return result;
PASS;
}
@ -589,28 +426,16 @@ end:
*/
static int DetectUriContentParseTest08(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -618,28 +443,16 @@ static int DetectUriContentParseTest08(void)
*/
static int DetectUriContentParseTest09(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -647,28 +460,16 @@ static int DetectUriContentParseTest09(void)
*/
static int DetectUriContentParseTest10(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"af|\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"af|\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -676,28 +477,16 @@ static int DetectUriContentParseTest10(void)
*/
static int DetectUriContentParseTest11(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|\"; sid:1;)");
FAIL_IF_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -705,28 +494,16 @@ static int DetectUriContentParseTest11(void)
*/
static int DetectUriContentParseTest12(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"aast|\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"aast|\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -734,28 +511,16 @@ static int DetectUriContentParseTest12(void)
*/
static int DetectUriContentParseTest13(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"aast|af\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"aast|af\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -763,28 +528,16 @@ static int DetectUriContentParseTest13(void)
*/
static int DetectUriContentParseTest14(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"aast|af|\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"aast|af|\"; sid:1;)");
FAIL_IF_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -792,28 +545,16 @@ static int DetectUriContentParseTest14(void)
*/
static int DetectUriContentParseTest15(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|asdf\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|asdf\"; sid:1;)");
FAIL_IF_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -821,28 +562,16 @@ static int DetectUriContentParseTest15(void)
*/
static int DetectUriContentParseTest16(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|af|\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|af|\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -850,28 +579,17 @@ static int DetectUriContentParseTest16(void)
*/
static int DetectUriContentParseTest17(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|af|af\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s =
DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|af|af\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -879,28 +597,17 @@ static int DetectUriContentParseTest17(void)
*/
static int DetectUriContentParseTest18(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|af|af|\"; sid:1;)");
if (de_ctx->sig_list == NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s =
DetectEngineAppendSig(de_ctx, "alert udp any any -> any any "
"(msg:\"test\"; uricontent:\"|af|af|af|\"; sid:1;)");
FAIL_IF_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
/**
@ -908,28 +615,16 @@ static int DetectUriContentParseTest18(void)
*/
static int DetectUriContentParseTest19(void)
{
DetectEngineCtx *de_ctx = NULL;
int result = 1;
de_ctx = DetectEngineCtxInit();
if (de_ctx == NULL)
goto end;
DetectEngineCtx *de_ctx = DetectEngineCtxInit();
FAIL_IF_NULL(de_ctx);
de_ctx->flags |= DE_QUIET;
de_ctx->sig_list = SigInit(de_ctx,
"alert tcp any any -> any any "
"(msg:\"test\"; uricontent:\"\"; sid:1;)");
if (de_ctx->sig_list != NULL) {
result = 0;
goto end;
}
end:
SigGroupCleanup(de_ctx);
SigCleanSignatures(de_ctx);
DetectEngineCtxFree(de_ctx);
Signature *s = DetectEngineAppendSig(de_ctx, "alert tcp any any -> any any "
"(msg:\"test\"; uricontent:\"\"; sid:1;)");
FAIL_IF_NOT_NULL(s);
return result;
DetectEngineCtxFree(de_ctx);
PASS;
}
static int DetectUricontentIsdataatParseTest(void)

Write Preview
Loading…
Cancel
Save